I explored the concept of a “distributed digital identity” last year in this research, Unlocking the Potential of Decentralized Data, while talking about how important it is to control & narrate the data that you contribute to.
This industry thesis on Decentralized Identities is an extension of that topic, focusing on how using a decentralized identity provides more transparency, accountability, and empowerment for online content and identity for individuals and institutions alike.
Decentralized identity is an open-standards-based identity framework that uses digital identifiers and verifiable credentials that are self-owned and independent and enable trusted data exchange.
Imagine you have a special box that only you can open with a secret key. Inside the box, you have some cards that tell other people who you are and what you can do. For example, you have a card that says your name, a card that says your birthday, a card that says you can go to school, and so on. These cards are called credentials.
Now, sometimes you need to show these cards to other people to prove who you are and what you can do. For example, when you go to school, you need to show your teacher your name card and your school card. When you go to the library, you need to show your librarian your name card and your library card. And so on.
But what if someone else tries to take your cards or make fake cards? That would be bad, right? You don’t want anyone else to pretend to be you or do things that you can do. That’s why you need a way to protect your cards and make sure they are real.
That’s where decentralized identity comes in. Decentralized identity means that instead of keeping your cards in one place or trusting someone else to keep them for you, you can keep them in different places that are connected by a special network. This network is called a blockchain. A blockchain is like a big book that everyone can read, but no one can change. It records everything that happens on the network, like who has which cards and when they use them.
When you use a decentralized identity, you can store your cards in different places on the blockchain network. You can also use your secret key to sign your cards with a special code that proves they are yours. This way, no one can take your cards or make fake ones. And when you need to show your cards to someone else, you don’t have to give them the actual cards. You can just send them a copy of the cards and the code that proves they are yours. This way, you can keep your cards safe and private.
A decentralized identity gives you more control over your own identity and data. It also makes it easier and faster for you to prove who you are and what you can do to other people on the internet. It’s like having a magic box of cards that only you can open and use.
Creating a decentralized identity is a complicated process that I will not discuss in detail for this industry thesis.
This thesis will compare and differentiate between three types of identities we possess:
Centralized Identities: A vendor, employer, or educational institution stores the identity-related information of its users, including personal data and credentials.
Federated Identities: A consortium, alliance, or network agrees to share the identity-related information of their users across their domains or platforms.
Decentralized Identities: Users have complete control over their credentials and personal data stored within a digital wallet. The credentials and personal data are verified by a third party using a blockchain-based ledger that does not store the user’s data.
Unlike centralized and federated (integrated) identity systems, which rely on third-party intermediaries to verify and manage identities, the decentralized identity uses blockchain and other distributed ledger technologies to enable peer-to-peer trust and verification.
With a Centralized Identity, a vendor, employer, or educational institution stores and manages any identity-related information of its users, including personal data and credentials. We are forced to rely on them to protect our data and provide access to the necessary resources and services. As we interact with several institutions, we may have multiple identities and passwords across different entities, which can be inconvenient and insecure.
With Federated Identity, a social media platform, bank, or identity provider acts as a middleman that authenticates our identity and gives us access tokens to access resources and services from other platforms. We can use a single identity and password across multiple entities, which can be convenient and secure. However, we must still trust the middlemen to protect our data and respect our privacy. We may also end up having limited control over what data is shared with whom.
In China, the Alipay Trust Framework (ATF) allows users to verify their identity and credentials with various online services using their Alipay account, which is linked to their RIC.
In Japan, the Japan e-Government Federation Framework (JEF) allows users to access various e-government services using their My Number card or other identity credentials issued by public agencies.
In Germany, the Verimi platform provides users a single login and digital identity for various online services, such as banking, insurance, media, and e-commerce.
With a Decentralized Identity, WE create and control our identifiers and credentials, which are stored in a digital wallet that generates public and private cryptographic keys. Using verifiable presentations, we can choose what credentials to share and how much information to reveal with each entity that verifies our identity. We do not have to unnecessarily rely on intermediaries or expose our data.
A user creates a decentralized identifier (DID), a unique and persistent identifier that does not depend on a central authority. A DID is associated with a DID document containing public keys, service endpoints, and other metadata, enabling secure communication.
The user stores their DIDs and other identity credentials in a digital wallet app that generates public and private cryptographic keys. The public key is used to identify a specific wallet, while the private key is used to sign transactions and prove ownership.
The user receives verifiable credentials, which are authoritative statements about the user's attributes or qualifications, from the government, educational institute, or employer. Verifiable credentials are digitally signed by the issuer and can be verified by anyone who trusts the issuer.
The user presents their verifiable credentials to a verifier (e.g., service provider) who requests them for authentication or authorization. The user can choose which credentials to share and how much information to reveal using a verifiable presentation, which is an endorsement of the user at the time of the presentation.
A verifier checks the validity of the verifiable credentials and presentations using a blockchain-based ledger that does not store the user's data but records transactions and proofs of existence. The verifier can also use other methods, such as revocation lists or status registries, to ensure the credentials are not expired or revoked.
By following these steps, decentralized identity enables users to manage their identities without unnecessarily relying on intermediaries or exposing their personal data. It also allows verifiers to trust users based on verified claims from trusted issuers.
ELI5: How does Decentralized Identity Work?
Remember the magic box of cards that I told you about? The one that only you can open and use to prove who you are and what you can do? Well, how does the magic box work? How do you get the cards, and how do you show them to other people?
This magic box works with the help of a special network (Blockchain) that connects different places where you can get and use your cards.
When you want a new card, you must go to someone who can give you one.
For example, if you want a card that says you can drive a car, you must go to the government office and take a test. If you pass the test, they will give you a card that says you can drive a car. But they won’t give you the actual card. Instead, they will provide you with a copy of the card and a unique code that proves it’s yours. They will also write in the big book that they gave you this card and this code.
When you want to use your card, you must go to someone who can check it.
For example, if you want to rent a car, you need to go to the car rental company and show them your card that says you can drive a car. But you won’t show them the actual card. Instead, you will show them the copy of the card and the code that proves it’s yours. They will then look in the big book and see if this card and this code match what the government office wrote. If they do, they will let you rent a car.
This way, you don’t have to give your cards or codes to anyone else. You can keep them in your magic box and use them whenever needed. And no one can take your cards or make fake ones because the big book and the codes protect them. This is how decentralized identity works.
Download and install an identity wallet app that supports decentralized identity standards and protocols, such as Trinsic Wallet or Jolocom Smart Wallet.
Create your decentralized identifier (DID) using the identity wallet app. A DID is a unique and persistent identifier you can create and control for yourself or your resources. A DID is associated with a DID document containing public keys and service endpoints that enable secure communication and verification.
Obtain verifiable credentials (VCs) from trusted issuers, such as government agencies, educational institutions, employers, or other entities. VCs are digital documents that contain authoritative statements about you, such as your name, age, education, skills, or health status. VCs are issued by issuers and stored by you in your identity wallet.
Present your VCs to verifiers who request them. You can choose what information you share and with whom without intermediaries or trackers. In addition, verifiers can check the validity and authenticity of your VCs using blockchain-based ledgers that do not store your data.
By creating a decentralized identity, you entitle yourself to enjoy more privacy, security, and control over your data and credentials. You can also access various online resources and services requiring user verification without storing your data.
Verifiable credentials (VCs) are digital documents that contain authoritative statements about a subject, such as their name, age, education, skills, or health status.
VCs are issued by trusted entities (issuers) and stored by users in their digital wallets (holders). Users can present their VCs to other parties (verifiers) who can check their validity and authenticity using blockchain-based ledgers that do not store the user’s data.
Decentralized identifiers (DIDs) are unique and persistent identifiers that users can create and control for themselves or their resources. DIDs are associated with DID documents that contain public keys and service endpoints that enable secure communication and verification. DIDs can be registered on different blockchains or networks (DID methods) and resolved using standardized protocols (DID resolution).
Kiva Protocol: Kiva is a global non-profit organization that uses crowdfunding to finance micro-loans for underserved communities. Kiva launched the Kiva Protocol in Sierra Leone, Africa’s first national decentralized ID system, in 2019.
Microsoft ION: A public, permissionless, open-source network for decentralized identity that runs on top of the Bitcoin blockchain. Microsoft ION uses a novel approach called Sidetree to scale the throughput and performance of DID operations without compromising security or decentralization.
Dock: A blockchain-based network and platform for creating verifiable credentials and decentralized identities. Dock allows users to create self-sovereign identities that they can use across different applications and domains. Dock also allows organizations to issue tamper-proof credentials that can be verified instantly and globally.
As you can see, a decentralized identity offers more independence, privacy, security, convenience, and inclusivity than centralized or federated identity models.
However, it also faces some challenges, such as scalability, interoperability, usability, governance, regulation, adoption, etc.
Interoperability is a key area of focus within the decentralized identity ecosystem, and the topic has proven effective fodder for meaningful discussion at all levels of abstraction.
Interoperability means that decentralized identities can be used across different platforms and applications, regardless of the underlying technologies or protocols, and can work with existing identity models such as OpenID Connect (OIDC) or Security Assertion Markup Language (SAML), which are widely used by many online resources.
However, achieving interoperability is a challenging task.
It requires collaboration and coordination among various stakeholders, such as issuers, verifiers, wallet providers, standard bodies, regulators, etc. It also requires addressing technical challenges such as data formats, protocols, schemas, signatures, revocation mechanisms, etc.
Moreover, it requires balancing trade-offs between security, privacy, usability, and scalability.
Several initiatives and projects are working towards interoperability in decentralized identity.
The Decentralized Identity Foundation is a consortium of organizations that aims to develop open standards and open-source components for decentralized identity.
The W3C Credentials Community Group (CCG) is a group of experts that works on specifications such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), which are core building blocks for decentralized identity.
The Trust over IP Foundation (ToIP) is a coalition of organizations that seeks to establish a global standard for the trustworthy exchange of verifiable digital credentials.
The Self-Sovereign Identity Interoperability Framework (SSIIF) is a project that aims to provide an interoperable architecture for SSI based on DIDs and VCs.
These are just some examples of the ongoing efforts to achieve interoperability in decentralized identity. Interoperability is essential for realizing decentralized identity's full potential and benefits for individuals and organizations.
Decentralized identity protocols need different scalability, security, and usability levels depending on design choices, implementation details, and trade-offs.
Scalability: Decentralized identity protocols face scalability challenges due to the limitations of underlying blockchains or distributed ledgers, such as transaction throughput, latency, storage capacity, etc.
Security: Security refers to the ability of a system to protect data and transactions from unauthorized access, modification, or disclosure. Decentralized identity protocols leverage blockchain technology and cryptography to provide security guarantees such as immutability, verifiability, and non-repudiation. However, decentralized identity protocols also face security challenges such as key management, revocation mechanisms, phishing attacks, etc.
Usability: Usability refers to a system's ease of use and user satisfaction. Decentralized identity protocols aim to provide users with usability benefits such as convenience, control, and inclusivity. However, decentralized identity protocols also face usability challenges such as user interface design, user adoption, user education, etc.
There is no one-size-fits-all solution that can optimize all these dimensions at once. Therefore, different decentralized identity protocols may suit different use cases and preferences better than others. This makes building and investing in a Decentralized Identity Protocol more worthwhile.
The most obvious one
Users can verify their identity using cryptography and blockchain technology without disclosing more information than needed. Users can also revoke access to their credentials anytime to prevent identity theft or fraud.
Joe wants to buy alcohol from Bob's liquor store.
Joe has a verifiable credential issued by his government that contains his name, address, date of birth, etc.
Joe uses his digital wallet app to create a verifiable presentation that only reveals his age attribute from his credential.
Joe signs the presentation with his private key corresponding to his decentralized identifier (DID), registered on the blockchain.
Joe sends the presentation to Bob's scanner app via QR code or NFC tag. Bob's scanner app verifies the signature using Joe’s public key retrieved from his DID document on the blockchain.
Bob's scanner app also checks if Joe’s credential is valid using revocation lists or status registries on the blockchain.
Bob sells alcohol to Joe after verifying that he is over 21 years old without knowing any other information about him.
If Joe had no access to a decentralized identity, for him
A Centralized identity system creates a single point of failure and a honeypot for hackers who can compromise the central database and steal or leak Joe's data, and
A Federated identity creates a dependency on the intermediary and a risk of privacy breaches if the intermediary collects or shares Joe's data without his consent.
By using a decentralized identity, Joe protects his privacy by only sharing the minimum information needed for verification. He can also revoke access to his credential anytime if he no longer trusts Bob. Bob can trust Joe’s credentials without contacting the government issuer or storing Joe’s data. Both parties can prevent identity theft or fraud by using cryptography and blockchain technology to ensure transaction and document authenticity, integrity, and non-repudiation.
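The issue, present, and verify steps listed earlier and the Joe and Bob's liquor store walkthrough, as an added sketch that is not part of the original thesis or of any wallet's code. It assumes a salted-digest scheme for selective disclosure, a derived `age_over_21` claim, an in-memory dictionary standing in for the ledger, constructed `did:example:` identifiers, and Lamport one-time signatures standing in for the Ed25519 or ECDSA keys a real wallet would use.

```python
import hashlib
import json
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canon(obj) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Lamport one-time signatures: a standard-library stand-in for the Ed25519 or
# ECDSA keys a real wallet uses. Each key must sign ONE message only.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[h(a), h(b)] for a, b in sk]

def _bits(msg: bytes):
    n = int.from_bytes(h(msg), "big")
    return [(n >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

# Stand-in for the ledger: public DID documents and a revocation registry.
# It never holds claims or credentials (assumed layout, not a real DID method).
LEDGER = {"did_docs": {}, "revoked": set()}

def register_did(did: str):
    """Publish a DID document with a fresh public key; return the private key."""
    sk, pk = keygen()
    LEDGER["did_docs"][did] = {"id": did, "publicKey": pk}
    return sk

def digest(disclosure) -> str:
    return h(canon(disclosure)).hex()

def issue(issuer_did, issuer_sk, subject_did, cred_id, claims):
    """Issuer signs salted claim digests; the holder keeps the disclosures."""
    disclosures = {k: [secrets.token_hex(16), k, v] for k, v in claims.items()}
    cred = {"id": cred_id, "issuer": issuer_did, "subject": subject_did,
            "digests": sorted(digest(d) for d in disclosures.values())}
    return {"credential": cred, "proof": sign(issuer_sk, canon(cred))}, disclosures

def present(vc, disclosures, reveal, holder_sk, nonce):
    """Holder reveals only the chosen claims, bound to the verifier's nonce."""
    body = {"vc": vc["credential"], "nonce": nonce,
            "disclosed": [disclosures[name] for name in reveal]}
    return {"body": body, "issuer_proof": vc["proof"],
            "holder_proof": sign(holder_sk, canon(body))}

def verify_presentation(vp, expected_nonce, trusted_issuers):
    """Return (True, disclosed_claims) or (False, reason)."""
    body, cred = vp["body"], vp["body"]["vc"]
    if cred["issuer"] not in trusted_issuers:
        return False, "untrusted issuer"
    issuer_doc = LEDGER["did_docs"].get(cred["issuer"])
    holder_doc = LEDGER["did_docs"].get(cred["subject"])
    if issuer_doc is None or holder_doc is None:
        return False, "unresolvable DID"
    if not verify(issuer_doc["publicKey"], canon(cred), vp["issuer_proof"]):
        return False, "bad issuer signature"
    if not verify(holder_doc["publicKey"], canon(body), vp["holder_proof"]):
        return False, "bad holder signature"
    if body["nonce"] != expected_nonce:
        return False, "nonce mismatch"
    if cred["id"] in LEDGER["revoked"]:
        return False, "credential revoked"
    if any(digest(d) not in cred["digests"] for d in body["disclosed"]):
        return False, "disclosure not covered by issuer signature"
    return True, {name: value for _salt, name, value in body["disclosed"]}

if __name__ == "__main__":
    gov_sk = register_did("did:example:gov")   # constructed DIDs and claims
    joe_sk = register_did("did:example:joe")
    vc, wallet = issue("did:example:gov", gov_sk, "did:example:joe",
                       "urn:example:cred:1",
                       {"name": "Joe Example", "date_of_birth": "1990-01-01",
                        "age_over_21": True})
    nonce = secrets.token_hex(8)               # chosen by Bob's scanner app
    vp = present(vc, wallet, ["age_over_21"], joe_sk, nonce)
    print(verify_presentation(vp, nonce, {"did:example:gov"}))
    LEDGER["revoked"].add("urn:example:cred:1")
    print(verify_presentation(vp, nonce, {"did:example:gov"}))
```

The per-claim salt is what keeps a verifier from recovering undisclosed low-entropy claims, such as a date of birth, by hashing candidate values against the signed digests.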
Users can create and manage their identifiers and credentials using a digital wallet app that generates public and private keys. Users can also use different identifiers for different contexts and purposes without remembering multiple usernames and passwords.
Bob wants to apply for a job at Acme Inc.
Now, Bob uses several DIDs for different purposes: one for his personal life, one for his professional life, one for his hobbies, etc.
He also has several verifiable credentials from various sources: his university degree certificate, his previous work experience certificate, his driving license, etc.
He uses his digital wallet app to create a verifiable presentation containing his professional DID and the relevant credentials he wants to share with Acme Inc.
Bob signs the presentation with his private key corresponding to his professional DID, registered on the blockchain.
He then sends the presentation to Acme Inc.'s HR system via email or QR code. Acme Inc.'s HR system verifies the signature using Bob's public key retrieved from his DID document on the blockchain.
Acme Inc.'s HR system also checks if Bob's credentials are valid using revocation lists or status registries on the blockchain.
If Bob had no access to a decentralized identity, for him
A Centralized Identity creates a hassle where he must create and remember multiple usernames and passwords for different accounts.
A Federated Identity creates convenience for users who do not have to create or remember multiple usernames and passwords for different accounts. However, users still have limited choice over what identity information they share with each entity. Everything is shared.
By using a decentralized identity, Bob can enjoy convenience by only sharing the minimum information needed for verification. He can also enjoy choice by using different DIDs for different contexts and purposes. For example, Bob can avoid lock-in effects by not relying on any intermediary for his online interactions. Acme Inc. can benefit from inclusivity by accepting verifiable credentials from any trusted issuer, regardless of location, format, or technology.
Twitter or LinkedIn doesn’t define Bob’s or our actual credentials when they can be manipulated heavily by algorithms & third-party integrations.
We often have to trust the intermediary's policies and practices blindly.
We also have to rely on the intermediary’s reputation and trustworthiness to verify their credentials, i.e., trusting LinkedIn, Greenhouse, or Lever to accurately present your data without the alternate system behind ATS congesting your data to prove a single point or a series of attributes that an employer would like to see.
Users can use verifiable credentials to prove their attributes or qualifications across domains and platforms without relying on a central authority. Users can also use decentralized identifiers (DIDs) to identify themselves uniquely and persistently across different networks without depending on a domain name system (DNS).
Alice, an American citizen, is on vacation in Canada and wants to rent a car from CarRental Inc. She has several verifiable credentials that she obtained from various sources: her passport, her driver's license, her credit score, etc.
Alice uses her digital wallet app to create a verifiable presentation containing her DID and the relevant credentials she wants to share with CarRental Inc.
Alice signs the presentation with her private key that corresponds to her DID, which is registered on the blockchain.
Alice sends the presentation to CarRental Inc.'s scanner app via QR code or NFC tag.
CarRental Inc.'s scanner app verifies the signature using Alice's public key retrieved from her DID document on the blockchain.
CarRental Inc.'s scanner app also checks if Alice's credentials are valid using revocation lists or status registries on the blockchain.
CarRental Inc. rents a car to Alice after verifying that she has a valid passport, driver's license, and credit score without knowing any other information about her.
If Alice had no access to a decentralized identity, for her
By using a decentralized identity,
Alice can enjoy her vacation by accessing new services that were not possible before. She can also enjoy interoperability by using verifiable credentials across different domains and platforms without depending on any central authority or intermediary.
CarRental Inc. can benefit by offering new customer experiences and business models that were impossible before. They can also benefit from interoperability by accepting verifiable credentials from any trusted issuer, regardless of location, format, or technology.
Social media is one of the domains where DIDs can have a significant impact and create new opportunities for innovation and value creation. Today’s social media platforms face several challenges, such as misinformation, censorship, data breaches, privacy violations, and user dissatisfaction. These challenges undermine social media content's trust, quality, diversity, and communication.
Decentralized identities can address these challenges by giving users more control, privacy, and security over their personal data and online interactions. Decentralized identities are based on cryptographic keys stored in user-controlled wallets rather than on centralized servers owned by businesses or platforms.
Decentralized identities can also enable new social media outlets that offer more diversity, creativity, and quality of content and communication. For example, decentralized social media outlets can leverage blockchain technology to create new business models, such as tokenization, incentivization, and governance.
Decentralized identities can also contribute to solving some of the social problems caused by centralized social media platforms, such as misinformation, polarization, manipulation, and discrimination. Decentralized social media outlets can foster more transparency, accountability, and collaboration among users and communities.
Today's social media platforms face several challenges: misinformation, censorship, data breaches, privacy violations, and user dissatisfaction. Decentralized social media outlets aim to address these issues by allowing users to choose which networks to join, create their own rules and terms of service, and own their content and data.
One of the potential benefits of decentralized identity is that it can help combat misinformation on social media platforms by providing greater transparency and accountability for online content.
False news and misinformation: Social media platforms often amplify popular and sensational content that may not be accurate or verified, leading to confusion, polarization, and distrust among users. Moreover, social media platforms and their advertisers may benefit from the engagement and attention generated by false news, creating a perverse incentive to allow or encourage it.
A tweet that wrongly identified the attacker in the Toronto van attack as Middle Eastern received far more engagement than a tweet that correctly identified him as white.
A network of Facebook pages masquerading as independent media outlets and posting political cartoons that targeted Libya and were linked to a Russian businessman.
A report by the Integrity Institute found that Facebook had the most instances of misinformation among social media platforms but amplified it less than other platforms such as Twitter and YouTube.
A series of misleading posts about how to vote or participate in the U.S. Census, such as giving out the wrong hours for a polling place or claiming that people can cast a vote online.
Nintendo: A fake Nintendo account with a Twitter Blue badge posted an image of Mario flipping everyone off. This went viral and confused many fans, and Twitter later suspended the account.
Politics: Several fake accounts impersonating former and current world leaders, such as Tony Blair, George Bush, Pope Francis, and Pope John Paul II, posted misleading or false statements on Brexit, climate change, and COVID-19. Some accounts engaged with each other to create more confusion and controversy.
Eli Lilly: A fake account posing as the pharmaceutical company Eli Lilly tweeted that insulin was free, which caused a lot of excitement and outrage among users. The real Eli Lilly had to apologize for the misleading tweet and clarify that its insulin was, in fact, not free. Another fake account then apologized for the real Eli Lilly’s apology. The tweets also affected the stock price, as it dropped by 3%.
COVID-19 and vaccines: “COVID-19 was a hoax, a bioweapon, or a population control scheme; that masks and lockdowns were ineffective or harmful; that vaccines were unsafe, inadequate, or contained microchips; and that alternative treatments such as hydroxychloroquine or ivermectin were effective cures.”
Climate change: “climate change is not real, not human-caused, or not a serious problem; that there is no scientific consensus or evidence for climate change; that renewable energy sources are unreliable or expensive; and that individual actions have no effect on reducing greenhouse gas emissions.”
Lack of regulation and accountability: Social media platforms have been known to operate with minimal oversight within themselves.
This is how:
DIDs verify the provenance of online content, such as who created it, when, where, and how. This helps us distinguish between authentic and manipulated content.
DIDs improve the reputation of online content creators and influencers by allowing them to build and share their credentials and actions on-chain. This helps us assess the reliability and credibility of the sources we follow or interact with.
DIDs empower users to control their data and privacy by giving them the choice of information they share with online platforms and third parties. This helps us protect ourselves from data breaches, identity theft, and unwanted surveillance that sometimes provoke misinformation campaigns.
Decentralized Social Media Platforms such as Minds, Farcaster, Lens, and many more use the on-chain identity to provide more transparency and accountability for online content.
Ranveer, a.k.a. Beer Biceps, hosts one of the most popular podcasts in India, The Ranveer Show. While some of his content (kidding) is worth listening to, there’s almost zero DD on his guests’ backgrounds from his end.
Look at this podcast attended by Rajiv Malhotra. He is a renowned computer scientist who has spent the last 50 years in the U.S.A., studying & researching topics like AI, Computers, Geo-Politics, & Ancient Indian Scriptures.
Now Rajiv Malhotra, with all his education and experience, was involved in a wealth management scheme with the now escaped criminal, Nithyananda. Rajiv proposes to Bill Gates that he should deposit a part or whole of his net worth with him so that when he dies and is reborn again in his next life, he can give this money back to him.
The goal of this example is not to insult Ranveer’s podcast but to make other people aware of frauds who go on to attend such podcasts with a humungous following from spreading such content.
As we consume content on the internet, we need to be aware of who we listen to and who we interact with. And it’s very difficult to verify who we are interacting with, if we just blindly listen and agree with the crowd. We all need conviction sometimes.
Decentralized identities solve this. On-chain credentials are the next big phenomenon waiting to happen.
In this research thesis, I have explored the concept of decentralized identity and its applications in social media platforms. Projects building on decentralized identities have a competitive advantage over existing solutions by providing a user-centric and trustless identity system that enables new use cases or applications that were not possible before.
I have also examined the benefits and challenges of using a decentralized identity to provide more transparency, accountability, and empowerment for online content and identity. What I found was that decentralized identity offers a promising alternative to the current centralized and federated identity systems that are vulnerable to manipulation and abuse.
They offer a way to empower individuals with more control and privacy over their online identities, while also enabling interoperability and innovation across different platforms and services.
As we have seen with examples of Alex, Alice & Bob, Decentralized identities have the potential to transform how we interact with the digital world, and create new opportunities for social and economic inclusion.
As more people become aware of the benefits and challenges of decentralized identities, we can expect to see more adoption and development of this emerging technology in the near future.